---
layout: api
page_title: RADIUS - Auth Methods - HTTP API
description: This is the API documentation for the Vault RADIUS auth method.
---

# RADIUS auth method (API)

This is the API documentation for the Vault RADIUS auth method. For
general information about the usage and operation of the RADIUS method, please
see the [Vault RADIUS method documentation](/vault/docs/auth/radius).

This documentation assumes the RADIUS method is mounted at the `/auth/radius`
path in Vault. Since it is possible to enable auth methods at any location,
please update your API calls accordingly.

## Configure RADIUS

Configures the connection parameters and shared secret used to communicate with
RADIUS.

| Method | Path                  |
| :----- | :-------------------- |
| `POST` | `/auth/radius/config` |

### Parameters

- `host` `(string: <required>)` - The RADIUS server to connect to. Examples:
  `radius.myorg.com`, `127.0.0.1`
- `port` `(integer: 1812)` - The UDP port where the RADIUS server is listening
  on. Defaults is 1812.
- `secret` `(string: <required>)` - The RADIUS shared secret.
- `unregistered_user_policies` `(string: "")` - A comma-separated list of
  policies to be granted to unregistered users.
- `dial_timeout` `(integer: 10)` - Number of second to wait for a backend
  connection before timing out. Default is 10.
- `nas_port` `(integer: 10)` - The NAS-Port attribute of the RADIUS request.
  Defaults is 10.

@include 'tokenfields.mdx'

### Sample payload

```json
{
  "host": "radius.myorg.com",
  "port": 1812,
  "secret": "mySecret"
}
```

### Sample request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/auth/radius/config
```

## Register user

Registers a new user and maps a set of policies to it. This path honors the
distinction between the `create` and `update` capabilities inside ACL policies.

| Method | Path                           |
| :----- | :----------------------------- |
| `POST` | `/auth/radius/users/:username` |

### Parameters

- `username` `(string: <required>)` - Username for this user.
- `policies` `(string: "")` - Comma-separated list of policies. If set to
  empty string, only the `default` policy will be applicable to the user.

```json
{
  "policies": "dev,prod"
}
```

### Sample request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/auth/radius/users/test-user
```

## Read user

Reads the properties of an existing username.

| Method | Path                           |
| :----- | :----------------------------- |
| `GET`  | `/auth/radius/users/:username` |

### Parameters

- `username` `(string: <required>)` - Username for this user.

### Sample request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/auth/radius/users/test-user
```

### Sample response

```json
{
  "request_id": "812229d7-a82e-0b20-c35b-81ce8c1b9fa6",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "policies": "default,dev"
  },
  "warnings": null
}
```

## Delete user

Deletes an existing username from the method.

| Method   | Path                           |
| :------- | :----------------------------- |
| `DELETE` | `/auth/radius/users/:username` |

### Parameters

- `username` `(string: <required>)` - Username for this user.

### Sample request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/auth/radius/users/test-user
```

## List users

List the users registered with the method.

| Method | Path                 |
| :----- | :------------------- |
| `LIST` | `/auth/radius/users` |

### Sample request

```shell-session
$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/auth/radius/users
```

### Sample response

```json
{
  "auth": null,
  "warnings": null,
  "wrap_info": null,
  "data": {
    "keys": ["devuser", "produser"]
  },
  "lease_duration": 0,
  "renewable": false,
  "lease_id": ""
}
```

## Login

Login with the username and password.

| Method | Path                           |
| :----- | :----------------------------- |
| `POST` | `/auth/radius/login`           |
| `POST` | `/auth/radius/login/:username` |

### Parameters

- `username` `(string: <required>)` - Username for this user.
- `password` `(string: <required>)` - Password for the authenticating user.

### Sample payload

```json
{
  "password": "Password!"
}
```

### Sample request

```shell-session
$ curl \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/auth/radius/login/test-user
```

### Sample response

```javascript
{
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": null,
  "warnings": null,
  "auth": {
    "client_token": "64d2a8f2-2a2f-5688-102b-e6088b76e344",
    "accessor": "18bb8f89-826a-56ee-c65b-1736dc5ea27d",
    "policies": ["default"],
    "metadata": {
      "username": "vishal"
    },
  },
  "lease_duration": 7200,
  "renewable": true
}
```
